CVE-2025-22139
Jan. 8, 2025, 8:15 p.m.
Tags
Product(s) Impacted
WeGIA
- 3.2.8
Description
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.
Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE ID: 79Date
Published: Jan. 8, 2025, 7:15 p.m.
Last Modified: Jan. 8, 2025, 8:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security-advisories@github.com
References
https://github.com/
security-advisories@github.com
https://github.com/
134c704f-9b21-4f2e-91b3-4a467353bcc0